How uberLock works
AES-256

As of version 2.0, uberLock uses the Advanced Encryption Standard (AES) block cipher with 256-bit keys to secure all of your data. The AES-256 cipher is considered one of the most secure encryption standards in the world, and has been adopted by the U.S. Government as its preferred encryption method for both unclassified and classified information. The AES ciphers have been analysed extensively and are now used worldwide.

In addition to this, your passphrase and randomised uberLock seed key are protected by a heavy duty SHA-512 key hash. This effectively means your passphrase can’t be reverse-engineered or discovered, and your uberLock can’t be cracked, even if somebody manages to steal your key file and uberLock installation.

How uberLock works

uberLock uses your local key file (uber.userkey) to decode the encrypted data sent from the uberLock server. All of your data is decrypted in memory, locally, after it has been sent from the server. This means there is no over-the-wire decryption taking place, and the only things transferred over the internet are AES-256 encrypted packets.

Your passphrase isn’t stored anywhere, ever. Not even in your key file. A SHA-512 hash of your passphrase is generated when you first enter your passphrase into the Keymaker program during installation. Hashes are one-way functions. They take a series of characters (in this case your passphrase) and produce a value that cannot be turned back into the original, so the key file only makes sense when the correct passphrase is presented.

All of the data in your key-file (which includes your unique uberLock seeding key and a Checksum test) is encoded using AES-256 with the SHA-512 hash of your passphrase as the key. This means the key-file will only present sensible data when your passphrase hash is passed over it.
Your key-file contains a randomised encryption seed key (generated when you run the KeyMaker program), plus various options and parameters (such as the remote uberLock vault IP address and port), as well as an arbitrary Checksum value to determine if the key file has been decoded successfully.

When you type your passphrase, uberLock passes the SHA-512 hash of your passphrase over your key-file in an attempt to decode the AES-256 encrypted data within. It checks for a valid Checksum return value from the pass, and if true, proceeds to the next step. If the Checksum return value doesn’t pass, then uberLock can only assume your passphrase is incorrect, and denies you access to the program.

If uberLock proceeds to the next step, it then uses the values within the now-decoded key-file to connect to the appropriate server. Once it has connected to the server, it retrieves all of your encrypted data from the server. Once the encrypted data has been received and is in local memory, uberLock attempts to decode it locally.

To decode the encrypted data, uberLock must create a new key which is a combination of your passphrase (the passphrase supplied to uberLock when you opened it), and the randomised seed key within the key-file. uberLock attempts to decode your data in memory using this new key (supplied passphrase and seed key).

Every uberLock item is encoded with a Checksum which can be checked by uberLock to determine if it has decoded the data successfully or not. This checksum is important because otherwise uberLock could decode your data, and present a garbled mess to you thinking it has decoded your data successfully. If uberLock gets a good checksum, it displays the decoded data in the main window.

When you close the uberLock application, all of the system memory that was used to hold your decoded data is thoroughly scrubbed and zeroed out, ensuring there is no trace of your decoded data in Windows system memory after uberLock is closed.
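The key-file unlock step described above, as an added Go example that is not uberLock's own code: the AES mode (CTR), the truncation of the SHA-512 digest to 32 bytes, the SHA-256 checksum, the file layout and all function names are assumptions, because the page specifies none of them. The passphrases, seed and vault address are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"crypto/sha512"
	"errors"
	"fmt"
)

var ErrBadPassphrase = errors.New("checksum mismatch: passphrase rejected")

// aesCTR: AES-256-CTR keyed with SHA-512(passphrase)[:32]; mode, truncation and IV are assumptions.
func aesCTR(pass string, iv, in []byte) []byte {
	h := sha512.Sum512([]byte(pass))
	block, _ := aes.NewCipher(h[:32]) // a 32-byte key is always accepted
	out := make([]byte, len(in))
	cipher.NewCTR(block, iv).XORKeyStream(out, in)
	return out
}

// sealKeyFile writes iv || AES(SHA-256(payload) || payload); the layout is assumed.
func sealKeyFile(pass string, iv, payload []byte) []byte {
	sum := sha256.Sum256(payload)
	return append(append([]byte{}, iv...), aesCTR(pass, iv, append(sum[:], payload...))...)
}

// openKeyFile decrypts with the supplied passphrase and releases the payload only if the checksum matches.
func openKeyFile(pass string, file []byte) ([]byte, error) {
	if len(file) < aes.BlockSize+sha256.Size {
		return nil, errors.New("key file too short")
	}
	plain := aesCTR(pass, file[:aes.BlockSize], file[aes.BlockSize:])
	sum := sha256.Sum256(plain[sha256.Size:])
	if !bytes.Equal(sum[:], plain[:sha256.Size]) {
		return nil, ErrBadPassphrase // wrong passphrase: the decrypted bytes are noise
	}
	return plain[sha256.Size:], nil
}

func main() {
	// Constructed sample values; the all-zero IV only keeps the demo repeatable.
	file := sealKeyFile("correct horse", make([]byte, aes.BlockSize), []byte("seed=constructed-seed;vault=192.0.2.10:4433"))
	_, err := openKeyFile("wrong guess", file)
	payload, _ := openKeyFile("correct horse", file)
	fmt.Printf("wrong: %v\nright: %s\n", err, payload)
}
```

As described, the key comes from a single hash of the passphrase, so the protection of a stolen key file depends on how hard the passphrase is to guess.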
Despite all these complex processes going on in the background, uberLock is incredibly fast and very easy to use. You simply run uberLock, enter your passphrase, and all your data appears almost instantly. This is how uberLock works. To summarise:
uberLock: Seriously secure data storage.
